From: per@erix.ericsson.se (Per Hedeland) Newsgroups: alt.security Subject: Re: Should /etc/utmp protection be changed? Message-ID: <1991Sep11.115213.1453@eua.ericsson.se> Date: 11 Sep 91 11:52:13 GMT References: <1991Sep4.122349.23723@pony.acadiau.ca> <1991Sep09.131224.2923@donau.et.tudelft.nl> <1991Sep10.101134.14482@donau.et.tudelft.nl> Organization: Ellemtel Telecom Systems Labs, Stockholm, Sweden In article <1991Sep10.115620.3440@nntp.hut.fi>, jkp@cs.HUT.FI (Jyrki Kuoppala) writes: |> I haven't verified this, but I think the problem might be that xterm |> setuid()s to root and runs some programs, which thus are run with euid |> = uid = root and do use the dynamic libraries. To the best of my knowledge (i.e. grepping the source:-), xterm a) never setuid()s to root, and b) only runs the program specified by -e (or the default SHELL) and (if so configured, it isn't by default) a program specified as "logfile" with a leading '|', and in both cases (of course:-) setuid()s to the *real* userid. In article <1991Sep10.101134.14482@donau.et.tudelft.nl>, wolff@tardis.et.tudelft.nl (Rogier Wolff) writes: |> Beware however with the pathnames used on the -L option: you could |> be in trouble if they are relative. Yes, this is exactly the problem with the xterm (and xload) installation as per the X11R4 default setup - it used -L with relative pathnames to refer to the directories in the source tree where the not-yet-installed libraries were. Fixed - for xterm, but not xload - in R5, where xterm is relinked on "make install" (refer to comp.windows.x where there is some discussion of this "right now"...) --Per Hedeland per@erix.ericsson.se or per%erix.ericsson.se@sunic.sunet.se or ....uunet!erix.ericsson.se!per